There are four pivotal information technologies that are rapidly reshaping how enterprises operate: mobile technology, business analytics, cloud computing, and social business. All four of these technologies are potentially disruptive, and they also come with unique security concerns. Many people fear the security implications of employees bringing their own mobile devices to work, or storing mission critical databases in public cloud environments. Fear shouldn’t drive organizations away from these potentially transformative technologies. How are organizations overcoming their fears? How are they breaking though the “security wall”?

Recently IBM released the results of its 2012 Tech Trends Report, which looks at the adoption patterns of these four technologies. It is based on a survey of over 1,200 professionals who make technology decisions – the respondents came from 16 industries and 13 countries. As part of the analysis, three different types of organizations were identified:

Pacesetters (20%) believe emerging technologies are critical to their business success and are using them to enable new operating/business models. They’re also adopting ahead of their competition.

Followers (55%) agree that these technologies are important and can provide critical capabilities and differentiation, but they generally trail Pacesetters in adoption.

Dabblers (25%) are generally behind or, at best, on par with competitors in terms of adoption. They’re less strategic in their use of emerging technologies, namely citing greater efficiency or new capabilities in selected areas.

One common thread across all three of the identified groups is that security is a significant area of importance and concern. In fact, 62% of respondents cite security as one of the three most important areas facing their organization over the next two years, with 27% rating it number one. One interesting aspect is that, the less mature an organization is with respect to the four strategic technology areas, the more security rates as an area of importance and focus. Seventy-seven percent of the Dabblers cited security as a top-three area of importance, versus only 49% of the more mature Pacesetters. Why is that? Perhaps the Dabblers don’t fully understand, or trust, that there are security technologies, policies and practices that can ensure a more secure approach overall. Or perhaps they lack the experience the Pacesetters have.

“Security and privacy are not always treated as first-order problems. Things are deployed and made widely available without regard for security and privacy. In a best-case scenario, security and privacy are thought of as add-ons. Worst case, they’re ignored completely.”
– Dr. Eugene Spafford, Professor and Executive Director of the Center for Education and Research in Information Assurance and Security, Purdue University

Besides being an area of significant importance, security is also seen as a significant barrier to technology adoption by the survey respondents. Information security is ranked as one of the top two barriers to adoption across the four technology areas – more than integration, inadequate skills or regulation and compliance. Overall, security is the biggest barrier for a majority of respondents for mobile (61%) and cloud (56%) adoption. Security is cited less often as the top adoption barrier in social (47%) and analytics (31%). As shown by the dark blue bars in the graph below, there isn’t a huge gap between the groups (9-11%) when it comes to security concerns, but, in general, less mature Dabblers see security as more of a barrier than the more mature Pacesetters. The exception is analytics, which has the lowest adoption barrier. Perhaps Pacesetters better understand the potential risks in implementing advanced analytic systems.

Another part of the security wall blocking the full realization of the benefits of the four technologies is that organizations’ current IT security policies aren’t sufficient. The figure above generally shows correlations between viewing security as a barrier to adoption (dark blue bars) and inadequate security policies (light blue bars). The Pacesetters are more confident across the board, with a majority saying that their security policies are adequate. The “adequate policies gap” between the Pacesetters and Dabblers ranges from 13% to 32%, a fairly wide margin. This tells us that organizations that have the right security policies in place are more confident, and less likely to see security as a barrier. For the others, there is a gap between their fears and taking the steps needed to address those fears.

Another tool organizations are using to attack the security wall is skills development. A majority of the respondents know that security is an issue and are working hard to boost their confidence. Overall, 70% of organizations are planning to develop or acquire skills in “mobile security and privacy” and “cloud security” – the two technology areas where security is seen as the biggest barrier.

Security is tightly intertwined with the four technology areas discussed. You shouldn’t pursue cloud, mobile, social or analytics endeavors without also focusing on needed security technologies, skills, policies and practices. The more you focus on policies and skills, the less likely you will see security as an impediment. Treat security as a business imperative and make it a priority. Design security in from the start of any project. Doing this will increase confidence and help to tear down the walls that are slowing the adoption of important, transformative technologies.

Susanne Hupfer, Consultant, IBM Center for Applied Insights
Our director, Steve Rogers, recently interviewed Paul Brunet, IBM Vice President of ISVs, Start-ups, and Academic Programs, about his perspective on the 2012 Tech Trends study. Whether you're an IT or business decision-maker, an academic, or an IT practitioner, you may discover valuable insights and recommendations in their broad-ranging conversation.

IT and business leaders:
Why are CEOs regarding technology and skills as top concerns -- now outranking even market and economic forces? Why is it crucial to leverage emerging technologies for competitive advantage?
Paul discusses four technology areas -- mobile, cloud, social business, and business analytics -- and contrasts adoption and skill levels in mature and growth markets. He covers challenges to adoption -- such as security, skill gaps, and integration -- and explains why security is a business imperative. IT and business decision-makers may also be eager to learn more about the elite "pacesetter" group identified by the study, who are unlocking competitive advantage by being more market-driven, experimental, and analytical.

Academics:
How can academia better monitor the needs of the enterprise and teach relevant skills their students will need upon graduation?
Paul also examines how using sandboxes and collaborative spaces can encourage experimentation, skills development, and collaboration across universities and practitioner areas.

Practitioners:
Where should you be expanding your skills? What traits are IT leaders looking for today?

Paul and Steve talk about the importance of integrating business along with IT skills.

In 2012 we saw significant data breaches across multiple industries and governments impacting millions of users. Will 2013 bring more of the same? Is this an uncertain future we will have to live with? Can we accept degraded privacy and security and billions of dollars in lost revenue, damage, reduction in brand value and remediation costs?

Last year, a number of major security themes were part of this uncertainty – cloud, mobile, social media, big data, compliance, advanced persistent threats, physical infrastructure security, and the changing nature of information security leadership. None of these issues are going anywhere. In fact, into 2013 and beyond these issues are only going to become more important and will become the concern of more and more enterprise leaders.

All of these disparate issues come together in a new infographic from IBM. It knits together the pressures CEOs are feeling to deliver transformation with limited resources, the changing role of information security leaders, the threat landscape and the best practices to address that landscape. It connects enterprise priorities with information security practices, achieving innovation while dealing with risk.

In 2012, the IBM Center for Applied Insights released a series of security-related pieces that focused on a number of these important issues. We looked at the changing role of the CISO and other security leaders in our 2012 CISO Assessment. We also published a series of best practices for security leaders through our eight article Security Essentials series. In 2013 we will continue to provide insights on information security.

What does IBM think the future of security will look like? IBM security experts and leaders have developed lists of ideas for 2013 and beyond. Highlights include:

Enterprise security organizations will become more independent and work with the audit committee and risk officers more.

Data scientists will increasingly analyze and correlate security data as well as unstructured business data to reduce the risk of breaches.

Threat data will be shared more readily between the government and private sector, and amongst private sector companies.

Organizations will begin monitoring the information shared on social media back channels to detect threats earlier.

Compliance will remain a strong security driver and will be weighed against the rise of a risk-based approach to security.

Because of data, identity and monitoring technologies, cloud security will go from "mystery and hype" to "secure and move-on".

Mobile devices (the device, network and applications) will be significantly more secure – more than laptops are today.

The type of data collected and inspected to detect advanced threats will increase in variety and volume.

Keeping these ideas, trends and emerging issues in mind, information security leaders must rise to the challenge of creating a future that isn’t like today. By using their best practices to connect with and support enterprise-level goals they can create a better, more secure, future.